RemoteApp Help
Hey guys,
I am setting up RemoteApp for the first time in production. Looking for help. I have never had to NAT it out to the public Internet and suddenly I am finding this more challenging than I expected.
1) I installed two servers remoteapp1 (10.1.0.100) and remoteapp2 (10.1.0.101). one runs office 2007 and the other 2010. The objective is to have them side by side for home and Internal users
2) I then installed a server remoteweb1 (10.1.0.102) and NAT'd it out to the public Internet. (Cisco 5510)
3) Works perfectly internally. But from the Internet the the connections fail. It appears the clients are trying to RDP to the private IP range.
Clearly I dont want to NAT out my RemoteApp servers to the Internet. I find more than a few articles stating I need a remote gateway. So i said sure, why not?
I installed another server caller remotegwy1 and installed the roll. Internally if I RDP to remotegwy1 it proxies my connection to remoteapp1, which is nice.
So what is my next step to get remoteweb working?
I am thinking I need to install a second NIC on remotegwy1, one is NAT's out and another for internal use? How does remoteweb1 point to it?
Sorry for the rambling here, but I am not finding the Microsoft articles too helpful.
I am setting up RemoteApp for the first time in production. Looking for help. I have never had to NAT it out to the public Internet and suddenly I am finding this more challenging than I expected.
1) I installed two servers remoteapp1 (10.1.0.100) and remoteapp2 (10.1.0.101). one runs office 2007 and the other 2010. The objective is to have them side by side for home and Internal users
2) I then installed a server remoteweb1 (10.1.0.102) and NAT'd it out to the public Internet. (Cisco 5510)
3) Works perfectly internally. But from the Internet the the connections fail. It appears the clients are trying to RDP to the private IP range.
Clearly I dont want to NAT out my RemoteApp servers to the Internet. I find more than a few articles stating I need a remote gateway. So i said sure, why not?
I installed another server caller remotegwy1 and installed the roll. Internally if I RDP to remotegwy1 it proxies my connection to remoteapp1, which is nice.
So what is my next step to get remoteweb working?
I am thinking I need to install a second NIC on remotegwy1, one is NAT's out and another for internal use? How does remoteweb1 point to it?
Sorry for the rambling here, but I am not finding the Microsoft articles too helpful.
-Daniel
Comments
-
it_consultant
Member Posts: 1,903
Hey guys,
I am setting up RemoteApp for the first time in production. Looking for help. I have never had to NAT it out to the public Internet and suddenly I am finding this more challenging than I expected.
1) I installed two servers remoteapp1 (10.1.0.100) and remoteapp2 (10.1.0.101). one runs office 2007 and the other 2010. The objective is to have them side by side for home and Internal users
2) I then installed a server remoteweb1 (10.1.0.102) and NAT'd it out to the public Internet. (Cisco 5510)
3) Works perfectly internally. But from the Internet the the connections fail. It appears the clients are trying to RDP to the private IP range.
Clearly I dont want to NAT out my RemoteApp servers to the Internet. I find more than a few articles stating I need a remote gateway. So i said sure, why not?
I installed another server caller remotegwy1 and installed the roll. Internally if I RDP to remotegwy1 it proxies my connection to remoteapp1, which is nice.
So what is my next step to get remoteweb working?
I am thinking I need to install a second NIC on remotegwy1, one is NAT's out and another for internal use? How does remoteweb1 point to it?
Sorry for the rambling here, but I am not finding the Microsoft articles too helpful.
Port forwarding - for the remote gateway I am not sure if you will need 443 or 3389. MS does not accept that we use firewalls to protect us from the baddies on the internet so their guidance is lacking when we are publishing resources to the public internet.
If you weren't using remote gateway all you have to do is port forward 3389 from the public to the private and terminating at the endpoint that publishes that app.